tags:

views:

answers:

Recently our site has been deluged with the resurgence of the ASPRox bot SQL Injection attack. Without going into details, the attack attempts to execute SQL code by encoding the T-SQL commands in an ASCII encoded BINARY string. It looks something like this:

Partially for convenience, partially for security, partially for reuse. I primarily do web app development, but if a URL like this comes into my log and I'm trying to diagnose it, I'd like to be able to quickly decode it without having to fire up SQL Management Studio and potentially execute some malicious code through the decoding process.

To be honest I have been looking for away to do the same, eventually what I did was log it and I use a separate database in a VM to look at the content. Wish there was an easier answer, but I am also looking for this solution.